Blame SOURCES/cdrkit-1.1.9-buffer_overflow.patch

224c4d
diff -ru origin-1.1.9/wodim/scsi_cdr.c master-1.1.9/wodim/scsi_cdr.c
224c4d
--- origin-1.1.9/wodim/scsi_cdr.c	2008-02-25 12:14:07.000000000 +0100
224c4d
+++ master-1.1.9/wodim/scsi_cdr.c	2009-07-16 12:01:29.000000000 +0200
224c4d
@@ -2181,26 +2181,30 @@
224c4d
 		if (inq->add_len == 0) {
224c4d
 			if (usalp->dev == DEV_UNKNOWN && got_inquiry) {
224c4d
 				usalp->dev = DEV_ACB5500;
224c4d
-				strcpy(inq->vendor_info,
224c4d
-					"ADAPTEC ACB-5500        FAKE");
224c4d
+				strncpy(inq->vendor_info, "ADAPTEC ", 8);
224c4d
+				strncpy(inq->prod_ident,"ACB-5500        ", 16);
224c4d
+				strncpy(inq->prod_revision, "FAKE", 4);
224c4d
 
224c4d
 			} else switch (usalp->dev) {
224c4d
-
224c4d
 				case DEV_ACB40X0:
224c4d
-					strcpy(inq->vendor_info,
224c4d
-							"ADAPTEC ACB-40X0        FAKE");
224c4d
+					strncpy(inq->vendor_info, "ADAPTEC ", 8);
224c4d
+					strncpy(inq->prod_ident, "ACB-40X0        ",16);
224c4d
+					strncpy(inq->prod_revision, "FAKE", 4);
224c4d
 					break;
224c4d
 				case DEV_ACB4000:
224c4d
-					strcpy(inq->vendor_info,
224c4d
-							"ADAPTEC ACB-4000        FAKE");
224c4d
+					strncpy(inq->vendor_info, "ADAPTEC ",8);
224c4d
+					strncpy(inq->prod_ident, "ACB-4000        ",16);
224c4d
+					strncpy(inq->prod_revision, "FAKE",4);
224c4d
 					break;
224c4d
 				case DEV_ACB4010:
224c4d
-					strcpy(inq->vendor_info,
224c4d
-							"ADAPTEC ACB-4010        FAKE");
224c4d
+					strncpy(inq->vendor_info, "ADAPTEC ",8);
224c4d
+					strncpy(inq->prod_ident, "ACB-4010        ",16);
224c4d
+					strncpy(inq->prod_revision, "FAKE",4);
224c4d
 					break;
224c4d
 				case DEV_ACB4070:
224c4d
-					strcpy(inq->vendor_info,
224c4d
-							"ADAPTEC ACB-4070        FAKE");
224c4d
+					strncpy(inq->vendor_info,"ADAPTEC ",8);
224c4d
+					strncpy(inq->prod_ident, "ACB-4070        ", 16);
224c4d
+					strncpy(inq->prod_revision, "FAKE",4 );
224c4d
 					break;
224c4d
 			}
224c4d
 		} else if (inq->add_len < 31) {
224c4d
@@ -2230,14 +2234,16 @@
224c4d
 
224c4d
 	case INQ_SEQD:
224c4d
 		if (usalp->dev == DEV_SC4000) {
224c4d
-			strcpy(inq->vendor_info,
224c4d
-				"SYSGEN  SC4000          FAKE");
224c4d
+			strncpy(inq->vendor_info,"SYSGEN  ",8);
224c4d
+			strncpy(inq->prod_ident, "SC4000          ",16);
224c4d
+			strncpy(inq->prod_revision, "FAKE",4);
224c4d
 		} else if (inq->add_len == 0 &&
224c4d
 					inq->removable &&
224c4d
 						inq->ansi_version == 1) {
224c4d
 			usalp->dev = DEV_MT02;
224c4d
-			strcpy(inq->vendor_info,
224c4d
-				"EMULEX  MT02            FAKE");
224c4d
+			strncpy(inq->vendor_info,"EMULEX  ",8);
224c4d
+			strncpy(inq->prod_ident, "MT02            ",16);
224c4d
+			strncpy(inq->prod_revision, "FAKE",4);
224c4d
 		}
224c4d
 		break;
224c4d